From mboxrd@z Thu Jan 1 00:00:00 1970
To: Gary Lin, edk2-devel@ml01.01.org
References: <20170117045232.4765-1-glin@suse.com> <20170117045232.4765-4-glin@suse.com>
Cc: Justen Jordan L, Wu Jiaxin, Long Qin
From: Laszlo Ersek
Message-ID: <975a088e-6e77-2e5e-d63a-0a2db10f257a@redhat.com>
Date: Tue, 17 Jan 2017 10:24:40 +0100
In-Reply-To: <20170117045232.4765-4-glin@suse.com>
Subject: Re: [PATCH 3/3] OvmfPkg: pull in TLS modules with -D TLS_ENABLE (also enabling HTTPS)
List-Id: EDK II Development

On 01/17/17 05:52, Gary Lin wrote:
> This commit introduces a new build option, TLS_ENABLE, to pull in the
> TLS-related modules. If HTTP_BOOT_ENABLE and TLS_ENABLE are enabled at
> the same time, the HTTP driver locates the TLS protocols automatically
> and thus HTTPS is enabled.
>
> To build OVMF with HTTP Boot:
>
> $ ./build.sh -D HTTP_BOOT_ENABLE
>
> To build OVMF with HTTPS Boot:
>
> $ ./build.sh -D HTTP_BOOT_ENABLE -D TLS_ENABLE
>
> Cc: Laszlo Ersek
> Cc: Justen Jordan L
> Cc: Wu Jiaxin
> Cc: Long Qin
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Gary Lin
> --- > OvmfPkg/OvmfPkgIa32.dsc | 9 +++++++++ > OvmfPkg/OvmfPkgIa32.fdf | 4 ++++ > OvmfPkg/OvmfPkgIa32X64.dsc | 9 +++++++++ > OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++ > OvmfPkg/OvmfPkgX64.dsc | 9 +++++++++ > OvmfPkg/OvmfPkgX64.fdf | 4 ++++ > 6 files changed, 39 insertions(+) > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index 77287920e2..e060602587 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -38,6 +38,7 @@ [Defines] > DEFINE NETWORK_IP6_ENABLE = FALSE > DEFINE HTTP_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > + DEFINE TLS_ENABLE = FALSE > > [BuildOptions] > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG > @@ -162,6 +163,10 @@ [LibraryClasses] > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > !endif > > +!if $(TLS_ENABLE) == TRUE > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > +!endif > + > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > @@ -710,6 +715,10 @@ [Components] > NetworkPkg/HttpDxe/HttpDxe.inf > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > !endif > +!if $(TLS_ENABLE) == TRUE > + NetworkPkg/TlsDxe/TlsDxe.inf > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > # > diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf > index 069e21b7d0..09c165882c 100644 > --- a/OvmfPkg/OvmfPkgIa32.fdf > +++ b/OvmfPkg/OvmfPkgIa32.fdf > @@ -326,6 +326,10 @@ [FV.DXEFV] > INF NetworkPkg/HttpDxe/HttpDxe.inf > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > !endif > +!if $(TLS_ENABLE) == TRUE > + INF NetworkPkg/TlsDxe/TlsDxe.inf > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > # > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 64a7c16d2f..0e24e7a5bc 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -38,6 +38,7 @@ [Defines] > DEFINE NETWORK_IP6_ENABLE = FALSE > DEFINE HTTP_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > + DEFINE TLS_ENABLE = FALSE > > [BuildOptions] > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG 
> @@ -167,6 +168,10 @@ [LibraryClasses] > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > !endif > > +!if $(TLS_ENABLE) == TRUE > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > +!endif > + > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > @@ -719,6 +724,10 @@ [Components.X64] > NetworkPkg/HttpDxe/HttpDxe.inf > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > !endif > +!if $(TLS_ENABLE) == TRUE > + NetworkPkg/TlsDxe/TlsDxe.inf > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > # > diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf > index f29feb27b4..5233314139 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.fdf > +++ b/OvmfPkg/OvmfPkgIa32X64.fdf > @@ -326,6 +326,10 @@ [FV.DXEFV] > INF NetworkPkg/HttpDxe/HttpDxe.inf > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > !endif > +!if $(TLS_ENABLE) == TRUE > + INF NetworkPkg/TlsDxe/TlsDxe.inf > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > # > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index ac4bf4f63e..108f7d59bf 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -38,6 +38,7 @@ [Defines] > DEFINE NETWORK_IP6_ENABLE = FALSE > DEFINE HTTP_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > + DEFINE TLS_ENABLE = FALSE > > [BuildOptions] > GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG 
> @@ -167,6 +168,10 @@ [LibraryClasses] > HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf > !endif > > +!if $(TLS_ENABLE) == TRUE > + TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf > +!endif > + > S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > @@ -717,6 +722,10 @@ [Components] > NetworkPkg/HttpDxe/HttpDxe.inf > NetworkPkg/HttpBootDxe/HttpBootDxe.inf > !endif > +!if $(TLS_ENABLE) == TRUE > + NetworkPkg/TlsDxe/TlsDxe.inf > + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > OvmfPkg/VirtioNetDxe/VirtioNet.inf > > # > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > index 8d66da099f..36150101e7 100644 > --- a/OvmfPkg/OvmfPkgX64.fdf > +++ b/OvmfPkg/OvmfPkgX64.fdf > @@ -326,6 +326,10 @@ [FV.DXEFV] > INF NetworkPkg/HttpDxe/HttpDxe.inf > INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf > !endif > +!if $(TLS_ENABLE) == TRUE > + INF NetworkPkg/TlsDxe/TlsDxe.inf > + INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +!endif > INF OvmfPkg/VirtioNetDxe/VirtioNet.inf > > # > Reviewed-by: Laszlo Ersek
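
Review bot: In the [Defines] hunks of the three .dsc files, `DEFINE TLS_ENABLE = FALSE` is added without a comment, and the only place that says HTTPS needs both flags is the commit message. A one-line comment above the DEFINE stating that TLS_ENABLE has an effect on network boot only together with HTTP_BOOT_ENABLE would keep that dependency visible to whoever edits the platform files later.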
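
Review bot: In the [LibraryClasses] hunks, the `!if $(TLS_ENABLE) == TRUE` block resolves only `TlsLib`, so the patch relies on every library class that TlsLib.inf itself consumes already being resolved elsewhere in the .dsc. Please confirm with a clean build that uses exactly the command from the commit message (`-D HTTP_BOOT_ENABLE -D TLS_ENABLE`, no other feature flags) on all three platforms, and if any dependency is only resolved under a different flag's conditional, extend that conditional to cover TLS_ENABLE as well.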
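
Review bot: In the [Components] and [FV.DXEFV] hunks, `TlsDxe.inf` and `TlsAuthConfigDxe.inf` are gated on TLS_ENABLE alone, placed after the `!endif` that closes the HTTP block, so a build with only `-D TLS_ENABLE` ships both TLS drivers without HttpDxe, the one consumer the commit message names. Either state in the commit message that this standalone configuration is intended, or nest the block inside the HTTP_BOOT_ENABLE conditional. The two-module list is also repeated in each .dsc/.fdf pair under identical conditions, which is correct here and has to stay in sync if either module is later renamed or split.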